A Quick Look at Compliance

With organizations across various industries having to cough up massive fines for non-compliance, some are left to wonder whether the current approaches for achieving compliance simply don’t work.

Organizations are looking for a robust program that will enable them to manage compliance with regulations and internal policies, improve information security practices and streamline audits and remediation activities.

As regulations continue to mount, there is a constant barrage of new guidelines to adhere to, and new initiatives being pushed forth in order to mitigate risk. Needless to say, risk and compliance groups are finding it daunting to keep up. There is also the challenge of growing cyber security threats, further compounding the problem with compliance.

While there is a plethora of problems organizations face with current processes and tools, we will highlight 3 core challenges that we’ve witnessed across multiple industries and organizations:

Challenge 1:

Many companies treat each regulation or framework as an independent set of controls, which leads to:

• Multiple audits
• Redundant tests
• Repetitive evidence gathering

The Solution: a centralized repository with a list of controls that map to all regulatory, compliance and operational requirements. This allows for “test once, comply many.”

Challenge 2:

Compliance evidence is collected manually, through manual assessments, walkthroughs or captured screenshots. Relying heavily on the tribal knowledge present within the information security team takes a lot of time, and the evidence is mostly managed through spreadsheets or email.

This leads to version control issues and, in several cases, evidence cannot be repurposed for other audits, or even reproduced.

INRY clients have leveraged ServiceNow Audit Management to log observations and track remediation activities using control tasks. A lot of remediation activities are actually carried out by the Service Management teams, and if they’re using ServiceNow ITSM, then it gives them a central location for all tasks, embedding controls into the Service Management processes.

• Service Management and Risk Management share common automated processes and workflow engine
• Assign and track work associated with evidence and remediation tasks
• Design, track, and report on audit activities
• Single System of Record enables integrated checks and balances to ensure controls, service objectives, and operational integrity are achieved
• Many ServiceNow applications in the ITSM, ITOM, and ITBM already have elements of managing risk

As a ServiceNow Gold Services Partner, we have proven success implementing ServiceNow Audit Management through our work at multiple large organizations. INRY partners with clients to develop a multi-phased approach allowing clients the ability to quickly recover value while building experience to further determine business needs. If you are looking to get started, or just learn more, we’re happy to talk. Send us a message or email us at info@integrhythm.com